From owner-freebsd-questions@FreeBSD.ORG Sun Feb 11 01:51:26 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CC98C16A401 for ; Sun, 11 Feb 2007 01:51:26 +0000 (UTC) (envelope-from bsdquestions@gmail.com) Received: from py-out-1112.google.com (py-out-1112.google.com [64.233.166.179]) by mx1.freebsd.org (Postfix) with ESMTP id 8F5C113C442 for ; Sun, 11 Feb 2007 01:51:24 +0000 (UTC) (envelope-from bsdquestions@gmail.com) Received: by py-out-1112.google.com with SMTP id f47so622694pye for ; Sat, 10 Feb 2007 17:51:23 -0800 (PST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=ecNNb8PGo1d3cH4dhaeRXaXghShygbSQjyIkTxATNkN9nC6ZTyo2RewHjWULeWE9/gyCNu6Fd//zjsHJmUCskhjGaYObfgzMKrHEs7JdJwRNPqSYypM6l1U4VgxRnETqMSY8HwBeH68u3gKKyHm4geeB19LNu3xD9hD/avJgkXg= Received: by 10.35.69.11 with SMTP id w11mr11192094pyk.1171158683831; Sat, 10 Feb 2007 17:51:23 -0800 (PST) Received: from ?192.168.1.2? ( [71.59.152.225]) by mx.google.com with ESMTP id a70sm8890216pye.2007.02.10.17.51.22; Sat, 10 Feb 2007 17:51:22 -0800 (PST) Message-ID: <45CE769B.60708@gmail.com> Date: Sat, 10 Feb 2007 17:51:23 -0800 From: Michael User-Agent: Thunderbird 1.5.0.9 (Windows/20061207) MIME-Version: 1.0 To: Michael , FreeBSD - Questions References: <45CE41ED.3050900@gmail.com> <20070210230636.GA5968@falcon.midgard.homeip.net> <45CE5846.80002@gmail.com> <20070211002949.GA6384@falcon.midgard.homeip.net> In-Reply-To: <20070211002949.GA6384@falcon.midgard.homeip.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: Re: cvsup tag for ports X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Feb 2007 01:51:26 -0000 Erik Trulsson wrote: > On Sat, Feb 10, 2007 at 03:41:58PM -0800, Michael wrote: > >> Erik Trulsson wrote: >> >>> On Sat, Feb 10, 2007 at 02:06:37PM -0800, Michael wrote: >>> >>> >>>> Hello everyone, >>>> >>>> I'm building a production server and I have what may seem to be a very >>>> simple question so I hope it only requires a simple answer. >>>> >>>> As I've studied the FreeBSD Handbook as well as the man pages for this, >>>> it's still not clear to me which tag I should use for a production server. >>>> >>>> For my sources I always use the security branch for the release we are >>>> using so that they stay stable and also plug most of the security issues >>>> as they arise and so the sources tag is always RELENG_6_2. >>>> >>>> For the ports, the default tag is always tag=. which I'm not sure is the >>>> best thing for a production server since that's the tab for -CURRENT. >>>> On one hand it makes sense to track that branch for ports because that's >>>> where fixes would go for applications as they find them, but I'm not >>>> convinced this is the best thing for a production server and wonder if I >>>> should also use the security branch for the ports. >>>> >>>> My first question is, does any real security fixes go into the ports >>>> when you pull from a security branch? In other words, do maintainers >>>> actually submit fixes to that branch for the ports? >>>> >>>> I have a similiar question for the docs as well, should we be tracking >>>> only the security branch when using cvsup for sources, ports and doc's? >>>> >>>> >>> Neither the ports tree nor the docs tree is branched. I.e. there is no >>> security branch for ports. >>> On the other hand you are not required to update installed ports/packages >>> just because you update the ports tree. >>> >>> >>> >>> >> What do you mean they aren't branched? Of course they are or they >> wouldn't be in cvs and if I changed the tag, it wouldn't do anything >> (they wouldn't change on running cvsup), but they do change (ports get >> deleted/added/edited.), so I'm not following you here. >> >> Can you elaborate on what you mean? >> > > What I mean is that the ports tree only has a single CVS branch, HEAD, which > is what you get with tag=. > There are no other branches. (Unlike the src/ tree which does have several > different branches in addition to HEAD.) > There are tags (like RELEASE_6_2_0 or RELEASE_5_2_1) that identify the ports > tree at some specific point in time. > If you update the ports tree with e.g. tag=RELEASE_6_2_0 you will get the > ports tree in the same state as was shipped with FreeBSD 6.2-RELEASE. > If you use the same tag a couple of months later you will get exactly the > same thing - the ports tree as was shipped with FreeBSD 6.2-RELEASE. > > If you want to get updates to the ports tree you will have to use tag=. or > wait until a new release has been made and use the tag corresponding to that > particular release. > > > OK, that makes sense. Now getting back to my original question, if you are running a production server, does it make sense to pull down ports which are under the -CURRENT tag=. or should anyone who's running a production server just stick with what's in the current release ports? Would I benefit more from pulling down the most current ports because it offers the most up to date packages? If neither is safer than I think it's probably ok to just continue to pull down the most current, if that's not true than I should probably just use the ports which came with the release. This is what I'd like people's comments on more than anything else. Thanks for your feedback I really appreciate it. Michael Lawver